1. Field
The disclosed embodiments relate in general to authentication. The disclosed embodiments relate particularly to a method, apparatus and computer program product according to the preamble of the attached claims.
2. Brief Description of Related Developments
Modern organisations, such as enterprises and associations, often provide their computer users with access to a variety of Internet based services. These computer users may be employees, members, clients and/or other associated people. Many of those Internet based services (e.g. telephone number enquiry) may be normally cost-bearing or otherwise may require some authentication of users. Sourcing these services in larger volumes provides various advantages such as volume discounts. However, the people associated with an organisation may have to pass a first authentication to subscribe into an intranet of the organisation and then pass a subsequent authentication again to use a third-party service.
Sometimes an entire organisation may be granted equal rights for accessing given services, but there is often a need to differentiate the level of access rights. For instance, some sales people and secretaries may need hundreds of telephone enquiries a month whereas some researchers may not need any such service at all. This example demonstrates that one approach does not always fit everyone. Conversely, services are not always authorised merely based on an enterprise Internet Protocol (IP) address or other corresponding data. Each user or group of users may instead be granted different credentials with which predetermined services are accessible to a predetermined extent. However, the resulting volumes of individual passwords or other authentication mechanisms may be laborious to maintain in the organisation. As a result, a single sign-on is desired to access various services.
U.S. Pat. No. 6,681,330B2 discusses methods for centralised user identity management across different computing platforms within one organisation.
U.S. Pat. No. 6,892,307B1 discusses using different authentication methods with different trust levels and providing access to all services satisfied with the trust level achieved by the authentication method used.
US2002147927A1 relates to providing secure access from an external client to internal systems after having authenticated with some common means of authentication.
US2002184507A1 describes a method for providing centrally managed single sign-on across a set of web servers.
US2003159072A1 describes a method and infrastructure for providing single sign-on and service provisioning across different networks and devices.
US2004128506A1 discloses a trust broker for chaining trust from enterprise A to enterprise B, wherein enterprise A can authenticate a user to the trust broker, which in turn can authenticate the client further to enterprise B for accessing a desired service. In this case, a special authentication process is required first between enterprise A and the trust broker and next between the trust broker and enterprise B.
US2005268241A1 further discloses a method to distribute cookies required by different outsourced service provider servers via a central authentication server, after authentication to the central authentication server, so that a user could be authenticated with a single login to further services. This approach may, however, also require enterprise users, for instance, to perform a second login (after logging into the enterprise intranet) to the central server of the centralised service provider.